Added gerbsen's changes for encryption

Steffo Weber 2018-08-14 20:55:29 +02:00
parent 0f4fabf7d6
commit 7ebc606289
3 changed files with 60 additions and 38 deletions


@ -12,9 +12,9 @@
"integrity": "sha1-EBPRBRBH3TIP4k5JTVxm7K9hR9k=", "integrity": "sha1-EBPRBRBH3TIP4k5JTVxm7K9hR9k=",
"dependencies": { "dependencies": {
"lodash": { "lodash": {
"version": "4.17.5", "version": "4.17.10",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz",
"integrity": "sha512-svL3uiZf1RwhH+cWrfZn3A4+U58wbP0tGVTLQPbjplZxZ8ROD9VLuNgsRniTlLe7OlSqR79RUehXgpBW/s0IQw==" "integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg=="
} }
} }
}, },
@ -44,14 +44,14 @@
"integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
}, },
"http-errors": { "http-errors": {
"version": "1.6.2", "version": "1.6.3",
"resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.2.tgz", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
"integrity": "sha1-CgAsyFcHGSp+eUbO7cERVfYOxzY=", "integrity": "sha1-i1VoC7S+KDoLW/TqLjhYC+HZMg0=",
"dependencies": { "dependencies": {
"depd": { "depd": {
"version": "1.1.1", "version": "1.1.2",
"resolved": "https://registry.npmjs.org/depd/-/depd-1.1.1.tgz", "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
"integrity": "sha1-V4O04cRZ8G+lyif5kfPQbnoxA1k=" "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak="
} }
} }
}, },
@ -71,9 +71,9 @@
"integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
}, },
"mime-types": { "mime-types": {
"version": "2.1.17", "version": "2.1.18",
"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.17.tgz", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz",
"integrity": "sha1-Cdejk/A+mVp5+K+Fe3Cp4KsWVXo=" "integrity": "sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ=="
}, },
"ms": { "ms": {
"version": "0.7.2", "version": "0.7.2",
@ -96,19 +96,19 @@
"integrity": "sha1-mUl2z2pQlqQRYoQEkvC9xdbn+5Y=" "integrity": "sha1-mUl2z2pQlqQRYoQEkvC9xdbn+5Y="
}, },
"setprototypeof": { "setprototypeof": {
"version": "1.0.3", "version": "1.1.0",
"resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz",
"integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ=" "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ=="
}, },
"statuses": { "statuses": {
"version": "1.4.0", "version": "1.5.0",
"resolved": "https://registry.npmjs.org/statuses/-/statuses-1.4.0.tgz", "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
"integrity": "sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==" "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
}, },
"type-is": { "type-is": {
"version": "1.6.15", "version": "1.6.16",
"resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz", "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.16.tgz",
"integrity": "sha1-yrEPtJCeRByChC6v4a1kbIGARBA=" "integrity": "sha512-HRkVv/5qY2G6I8iab9cI7v1bOIdhm94dVjQCPFElW9W+3GeDOSHmy2EBYe4VTApuzolPcmgFTN3ftVJRKR2J9Q=="
}, },
"unpipe": { "unpipe": {
"version": "1.0.0", "version": "1.0.0",
@ -214,9 +214,9 @@
"integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ=" "integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ="
}, },
"statuses": { "statuses": {
"version": "1.4.0", "version": "1.5.0",
"resolved": "https://registry.npmjs.org/statuses/-/statuses-1.4.0.tgz", "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
"integrity": "sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==" "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
} }
} }
}, },
@ -241,9 +241,9 @@
"integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
}, },
"mime-db": { "mime-db": {
"version": "1.30.0", "version": "1.33.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.30.0.tgz", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz",
"integrity": "sha1-dMZD2i3Z1qRTmZY0ZbJtXKfXHwE=" "integrity": "sha512-BHJ/EKruNIqJf/QahvxwQZXKygOQ256myeN/Ew+THcAa5q+PjyTTMMeNQC4DZw5AwfvelsUrA6B67NKMqXDbzQ=="
}, },
"mime-types": { "mime-types": {
"version": "2.1.15", "version": "2.1.15",
@ -337,9 +337,9 @@
"integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
}, },
"mime-types": { "mime-types": {
"version": "2.1.17", "version": "2.1.18",
"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.17.tgz", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz",
"integrity": "sha1-Cdejk/A+mVp5+K+Fe3Cp4KsWVXo=" "integrity": "sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ=="
} }
} }
}, },
@ -370,15 +370,20 @@
} }
} }
}, },
"xml-encryption": {
"version": "0.11.1",
"resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.11.1.tgz",
"integrity": "sha1-/x+TfcBi1PZ7glTYDaHAqJFCfwU="
},
"xml2js": { "xml2js": {
"version": "0.4.17", "version": "0.4.17",
"resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.17.tgz", "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.17.tgz",
"integrity": "sha1-F76T6q4/O3eTWceVtBlwWogX6Gg=", "integrity": "sha1-F76T6q4/O3eTWceVtBlwWogX6Gg=",
"dependencies": { "dependencies": {
"lodash": { "lodash": {
"version": "4.17.5", "version": "4.17.10",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz",
"integrity": "sha512-svL3uiZf1RwhH+cWrfZn3A4+U58wbP0tGVTLQPbjplZxZ8ROD9VLuNgsRniTlLe7OlSqR79RUehXgpBW/s0IQw==" "integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg=="
}, },
"sax": { "sax": {
"version": "1.2.4", "version": "1.2.4",


@ -1,7 +1,7 @@
Package.describe({ Package.describe({
name:"steffo:meteor-accounts-saml", name:"steffo:meteor-accounts-saml",
summary: "SAML Login (SP) for Meteor. Works with OpenAM, OpenIDP and provides Single Logout.", summary: "SAML Login (SP) for Meteor. Works with OpenAM, OpenIDP and provides Single Logout.",
version: "0.0.15", version: "0.0.16",
git: "https://github.com/steffow/meteor-accounts-saml.git" git: "https://github.com/steffow/meteor-accounts-saml.git"
}); });
@ -54,8 +54,8 @@ Npm.depends({
"xmldom": "0.1.27", "xmldom": "0.1.27",
"connect": "3.6.0", "connect": "3.6.0",
"querystring": "0.2.0", "querystring": "0.2.0",
"arraybuffer-to-string": "1.0.1" "arraybuffer-to-string": "1.0.1",
// "xml-encryption": "0.10.0" "xml-encryption": "0.11.1"
}); });
// Npm.depends({ // Npm.depends({


@ -373,7 +373,17 @@ SAML.prototype.validateResponse = function(samlResponse, relayState, callback) {
console.log('Got response'); console.log('Got response');
} }
const assertion = response.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Assertion')[0]; var assertion = response.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Assertion')[0];
const encAssertion = response.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'EncryptedAssertion')[0];
var xmlenc = Npm.require('xml-encryption');
var options = { key: this.options.privateKey};
if (typeof encAssertion !== 'undefined') {
xmlenc.decrypt(encAssertion.getElementsByTagNameNS('*', 'EncryptedData')[0], options, function(err, result) {
assertion = new xmldom.DOMParser().parseFromString(result, 'text/xml');
});
}
if (!assertion) { if (!assertion) {
return callback(new Error('Missing SAML assertion'), null, false); return callback(new Error('Missing SAML assertion'), null, false);
} }
@ -389,7 +399,14 @@ SAML.prototype.validateResponse = function(samlResponse, relayState, callback) {
profile.issuer = issuer.textContent; profile.issuer = issuer.textContent;
} }
const subject = assertion.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Subject')[0]; var subject = assertion.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Subject')[0];
const encSubject = assertion.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'EncryptedID')[0];
if (typeof encSubject !== 'undefined') {
xmlenc.decrypt(encSubject.getElementsByTagNameNS('*', 'EncryptedData')[0], options, function(err, result) {
subject = new xmldom.DOMParser().parseFromString(result, 'text/xml');
});
}
if (subject) { if (subject) {
const nameID = subject.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'NameID')[0]; const nameID = subject.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'NameID')[0];
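Review bot: The `xmlenc.decrypt` callback in the `EncryptedAssertion` branch never looks at `err`, so a failed decryption hands an undefined `result` to `parseFromString` instead of rejecting the login; the `EncryptedID` branch in the second hunk has the same gap. The statements right after each call read `assertion` / `subject` immediately, which is only correct if the library invokes its callback before returning, and nothing on this page confirms that for the pinned 0.11.1. I would capture the error and result in the callback and fail once through `callback(...)` after the call, as sketched below, with the same shape for `EncryptedID`. When a response carries both a plaintext `Assertion` and an `EncryptedAssertion`, the decrypted document silently replaces the plaintext one, so that precedence deserves an explicit decision. `validateResponse` begins and ends outside these hunks, so it is not visible whether the signature check covers the decrypted content; that is worth confirming before relying on the profile built from it.

```javascript
if (typeof encAssertion !== 'undefined') {
    const encData = encAssertion.getElementsByTagNameNS('*', 'EncryptedData')[0];
    let decryptError = null;
    let decrypted = null;
    // Assumes decrypt() calls back before returning; confirm for the pinned version.
    xmlenc.decrypt(encData, options, function(err, result) {
        decryptError = err;
        decrypted = result;
    });
    if (decryptError || !decrypted) {
        return callback(decryptError || new Error('Unable to decrypt SAML assertion'), null, false);
    }
    assertion = new xmldom.DOMParser().parseFromString(decrypted, 'text/xml');
}
// … unchanged: missing-assertion check …
```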